BLACKFISH

Blackfish, or orcas, have remained one of nature's apex predators by hunting in packs. Join the Blackfish network as we track down and eliminate stolen credentials.

Problem: Your users recycle passwordsSolution: Blackfish

The average person uses the same password across four different accounts. So even if your organization hasn’t been breached, chances are many of your users’ credentials have been spilled elsewhere.

Now, instead of waiting for attackers to try those breached credentials on your login applications, you can proactively safeguard your users at risk of account takeover. Blackfish alerts your company in real-time if and when criminals actively use your customers’ or employees’ credentials elsewhere on the web.

Credentials spilled on the dark web are stale

Why are credentials on dark web marketplaces sold for mere pennies? Because criminals have already made plenty of money off of them. Criminals weaponize credentials first, and sell them last.

When criminals first steal brand new usernames and passwords, they use the credentials against the largest web and mobile apps in the world. It usually takes 6-12 months, or longer, for stolen credentials to end up on the dark web.

Blackfish learns when stolen credentials are first used

When a criminal commits a credential stuffing attack on any Shape customer, Blackfish captures the usernames and passwords that are being used and marks them as compromised. Blackfish then immediately alerts any customers for which those credentials are valid.

Shape sees over 30M credential stuffing attacks per day and protects over 100M real human logins per day. In other words, Blackfish knows which credentials have been stolen even before criminals begin trading them on the dark web.

A collective defense against criminal networks

An entire criminal ecosystem has emerged to enable information sharing and allow attackers to operate at scale. Now the security and fraud industry can fight back.

The world’s highest-value organizations, i.e., the world’s most-targeted organizations, are already part of the Shape network, so Blackfish has the power to identify criminals' very first attempts to weaponize credentials. The more organizations that use Blackfish, the sooner we can all cure the account takeover epidemic.

Blackfish doesn’t store passwords

The security of the Blackfish system itself was the most important design consideration. Shape’s patented design uses a Bloom filter, enabling Blackfish to perform lookups of your user’s credentials without maintaining a database of compromised passwords.

Try Blackfish for Free

Eligible organizations are invited to try Blackfish and experience the power of a collective defense.

Thank you!

A Shape expert will contact you as soon as possible.

Blackfish in the News

“The economy of the Internet as a whole is suffering so that we can learn which passwords have been stolen. Because Blackfish can see all automated log-ins in real time, [it] can capture compromised usernames and passwords,” Sarah Squire says, “instead of buying them.”

“Today, the company released Blackfish, a product that could help blunt the impact of stolen password caches from massive breaches like Yahoo (the mother of all breaches), Adobe and Home Depot to name but a few examples.”

“GUEST: Shuman Ghosemajumder Chief Technology Officer Shape Security Discussing the launch of Blackfish, the first system that can autonomously identify stolen passwords before the original data breach is reported or even detected.”